GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,990
Composer 4,293
Erlang 31
GitHub Actions 21
Go 2,061
Maven 5,239
npm 3,744
NuGet 668
pip 3,423
Pub 12
RubyGems 892
Rust 875
Swift 36

Unreviewed advisories

All unreviewed 239,532

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

3,141 advisories

Filter by severity

Sort by

Least recently updated

The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when... Moderate Unreviewed

CVE-2021-24446 was published Feb 15, 2022

The Entity Embed module provides a filter to allow embedding entities in content fields. In... Moderate Unreviewed

CVE-2020-13673 was published Feb 12, 2022

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) Moderate Unreviewed

CVE-2022-0238 was published Feb 11, 2022

The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce checks, which allows... Moderate Unreviewed

CVE-2021-24668 was published Feb 8, 2022

The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX... Moderate Unreviewed

CVE-2021-24843 was published Feb 8, 2022

The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its... Moderate Unreviewed

CVE-2021-24839 was published Feb 8, 2022

The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and... Moderate Unreviewed

CVE-2021-24947 was published Feb 8, 2022

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF... Moderate Unreviewed

CVE-2021-24993 was published Feb 8, 2022

The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the... Moderate Unreviewed

CVE-2021-25108 was published Feb 8, 2022

The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a... Moderate Unreviewed

CVE-2021-24761 was published Feb 2, 2022

The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF... Moderate Unreviewed

CVE-2021-25072 was published Feb 2, 2022

The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library... Moderate Unreviewed

CVE-2021-25092 was published Feb 2, 2022

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in... Moderate Unreviewed

CVE-2021-25097 was published Feb 2, 2022

YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers... Moderate Unreviewed

CVE-2022-23887 was published Jan 29, 2022

The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the... Moderate Unreviewed

CVE-2021-24968 was published Jan 25, 2022

The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place... Moderate Unreviewed

CVE-2021-24989 was published Jan 25, 2022

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the... Moderate Unreviewed

CVE-2021-25013 was published Jan 25, 2022

mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The... Moderate Unreviewed

CVE-2021-46027 was published Jan 21, 2022

In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The... Moderate Unreviewed

CVE-2021-46028 was published Jan 21, 2022

Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries... Moderate Unreviewed

CVE-2021-44777 was published Jan 20, 2022

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF... Moderate Unreviewed

CVE-2021-25025 was published Jan 18, 2022

A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0... Moderate Unreviewed

CVE-2021-46080 was published Jan 7, 2022

iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by... Moderate Unreviewed

CVE-2020-29292 was published Dec 31, 2021

The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before... Moderate Unreviewed

CVE-2021-24988 was published Dec 28, 2021

A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7... Moderate Unreviewed

CVE-2020-20943 was published Dec 28, 2021

Previous 1 2 … 122 123 124 125 126 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

3,141 advisories